Release DongTai-Server #59
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release DongTai-Server | |
on: | |
release: | |
types: [ created, edited ] | |
workflow_dispatch: | |
inputs: | |
agent_version: | |
required: true | |
type: string | |
server_version: | |
required: true | |
type: string | |
jobs: | |
build: | |
if: ${{ github.repository_owner == 'HXSecurity' }} | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
strategy: | |
max-parallel: 4 | |
matrix: | |
python-version: [3.7] | |
steps: | |
- name: start-build | |
uses: joelwmale/webhook-action@master | |
with: | |
url: ${{ secrets.DONGTAI_WEBHOOK_URL }} | |
body: '{"msg_type": "interactive","card": {"config": {"wide_screen_mode": true,"enable_forward": true},"elements": [{"tag": "div","text": {"content": "状态:项目${{github.repository}}构建开始\n分支:${{github.ref}}\n流程:${{github.workflow}}\n构建编号:${{github.run_number}}\n触发事件:${{github.event_name}}\n提交人:${{github.actor}}\nSHA-1:${{github.sha}}\n","tag": "lark_md"}}]}}' | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Set the value | |
id: release | |
run: | | |
TAG_NAME=${{ github.event.release.tag_name }} | |
ID=`echo ${TAG_NAME##v}` | |
if [ -z "${{ inputs.server_version }}" ] | |
then | |
echo "variable is empty" | |
else | |
ID=${{ inputs.server_version }} | |
fi | |
echo "iast_version=$ID" >> $GITHUB_ENV | |
- name: Generate version file | |
run: | | |
bash .github/workflows/version_update.sh "${{ env.iast_version }}" | |
- name: Login to DockerHub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DONGTAI_DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DONGTAI_DOCKERHUB_TOKEN }} | |
- name: Login to Aliyun Registry | |
uses: docker/login-action@v1 | |
with: | |
registry: ${{ secrets.ALIYUN_REGISTRY }} | |
username: ${{ secrets.ALIYUN_DOCKERHUB_USER }} | |
password: ${{ secrets.ALIYUN_DOCKERHUB_PASSWORD }} | |
- name: Setup Ossutil | |
uses: manyuanrong/setup-ossutil@v2.0 | |
with: | |
endpoint: ${{ secrets.ALIYUN_OSS_ENDPOINT }} | |
access-key-id: ${{ secrets.ALIYUN_OSS_KEY_ID }} | |
access-key-secret: ${{ secrets.ALIYUN_OSS_KEY_SECRET }} | |
- run: | | |
echo "${{ github.event.repository.name }},version,${{ env.iast_version }}" >> version.txt && \ | |
echo "${{ github.event.repository.name }},commit_hash,${GITHUB_SHA}" >> version.txt && \ | |
cat version.txt | |
ossutil cp -rf version.txt oss://huoqi-public/iast/release-version/${{ github.event.repository.name }}/${{ env.iast_version }}/version.txt | |
ossutil cp oss://dongtai/agent/java/${{ inputs.agent_version }}/ ./ --include "*.jar" -r | |
[ ! -f ./dongtai-agent.jar ] && echo "$FILE does not exist." | |
[ ! -f ./dongtai-agent.jar ] && ossutil cp oss://dongtai/agent/java/latest/ ./ --include "*.jar" -r | |
[ ! -f ./dongtai-agent.jar ] && echo "$FILE does not exist." | |
ossutil cp oss://dongtai/agent/python/ ./ --include "*.tar.gz" -r | |
ossutil cp oss://dongtai/agent/php/ ./ --include "*.tar.gz" -r | |
echo "REPLACE INTO project_version_control (version, component_name, component_version_hash) VALUES('${{ env.iast_version }}', '${{ github.event.repository.name }}', '${GITHUB_SHA}');" >> ./deploy/docker/version.sql | |
- name: Setup QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Setup Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Build and push | |
uses: docker/build-push-action@v3 | |
with: | |
file: Dockerfile | |
context: . | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: | | |
dongtai/dongtai-server:latest | |
dongtai/dongtai-server:${{ env.iast_version }} | |
- name: finish build | |
uses: joelwmale/webhook-action@master | |
with: | |
url: ${{ secrets.DONGTAI_WEBHOOK_URL }} | |
body: '{"msg_type": "interactive","card": {"config": {"wide_screen_mode": true,"enable_forward": true},"elements": [{"tag": "div","text": {"content": "状态:项目${{github.repository}}构建成功\n分支:${{github.ref}}\n流程:${{github.workflow}}\n构建编号:${{github.run_number}}\n触发事件:${{github.event_name}}\n提交人:${{github.actor}}\nSHA-1:${{github.sha}}\n","tag": "lark_md"}}]}}' | |
helm: | |
if: ${{ github.repository_owner == 'HXSecurity' }} | |
name: Build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Set the value | |
id: release | |
run: | | |
TAG_NAME=${{ github.event.release.tag_name }} | |
ID=`echo ${TAG_NAME##v}` | |
if [ -z "${{ inputs.server_version }}" ] | |
then | |
echo "variable is empty" | |
else | |
ID=${{ inputs.server_version }} | |
fi | |
echo "iast_version=$ID" >> $GITHUB_ENV | |
- uses: azure/setup-helm@v1 | |
with: | |
version: 'latest' | |
id: install | |
- name: Get the release version | |
id: get_version | |
run: echo ::set-output name=VERSION::${GITHUB_REF#refs/tags/} | |
- name: Setup ossutil | |
uses: manyuanrong/setup-ossutil@v2.0 | |
with: | |
endpoint: ${{ secrets.CHART_OSS_ENDPOINT }} | |
access-key-id: ${{ secrets.CHART_OSS_ACCESS_KEY_ID }} | |
access-key-secret: ${{ secrets.CHART_OSS_ACCESS_KEY_SECRET }} | |
- name: Download existed repo files | |
run: | | |
sed -i "s#tag: latest#tag: ${{ env.iast_version }}#g" deploy/kubernetes/helm/values.yaml | |
ossutil cp -rf oss://dongtai-helm-charts/iast/ ~/helm/repo/ --include dongtai-iast-*.tgz --exclude "index.yaml" | |
- name: Create helm package | |
run: | | |
helm package deploy/kubernetes/helm -d ~/helm/repo --app-version ${{ env.iast_version }} --version ${{ env.iast_version }} | |
helm repo index ~/helm/repo/ --url ${{ secrets.DONGTAI_IAST_CHART_REPO_URL }} | |
- name: Push helm chart to repo | |
run: | | |
ossutil cp -rf ~/helm/repo/dongtai-iast-${{ env.iast_version }}.tgz oss://dongtai-helm-charts/iast/ | |
ossutil cp -rf ~/helm/repo/index.yaml oss://dongtai-helm-charts/iast/ |